Certified Ethical Hacker Domain 2: Analysis/Assessment

About the Domain

The second domain of the Certified Ethical Hacker exam is designed to test an applicant’s knowledge of what goes into performing a penetration test or ethical hack. This domain is assigned sixteen questions, or about 12.73% of the total exam. The topics covered in this domain include both the procedural aspects of an assessment (what to do when) and the techniques necessary to complete each assessment step.

What’s Covered

This section of the exam is focused on the methodologies and steps necessary to perform assessments as an ethical hacker. This includes everything from risk assessments to Red Team operations. The domain is broken into two parts which test both knowledge of how to perform assessments and analysis, and knowledge of the methodologies for performing technical assessment.

Information Security Assessment and Analysis

The first half of this domain consists of testing the applicant’s ability to perform assessments and analysis. This section will consist of eight questions (6.4% of the exam) and covers data analysis, systems analysis and performing risk assessments.

The first two topics in this section (data and systems analysis) test your ability to perform an assessment. We’ll cover the steps of an assessment in the next section, but you should know about identifying a vulnerability to exploit. In the early phases of the assessment, you need to know how to gather information about a target (both technical and non-technical) and parse through it for useful nuggets that can reveal vulnerabilities. For this section, you need to know how to gather open-source intelligence (OSINT), how to scan a network or host and interpret the result, and how to use the collected knowledge to build a plan for the assessment.

One of the most important things to know for this section of the exam is the (Read more...)

Sponsorships Available

Sponsorships Available

Sponsorships Available